��
�Udac������������@`��s����d��d��l��m��Z��m��Z��m��Z���e��Z��i��d��d��6d��g��d��6d��d��6Z��d��Z��d �Z��d
�Z �d��d��l
�m��Z��m��Z��m
�Z
��d��d��l��m��Z���d��d
�l��m��Z��m��Z���d��d��l��Z��d�����Z��e��d��k��r��e������n��d��S(����i����(����t����absolute_importt����divisiont����print_functions����1.1t����metadata_versiont����previewt����statust ���communityt����supported_bys����
---
module: acme_inspect
author: "Felix Fontein (@felixfontein)"
version_added: "2.8"
short_description: Send direct requests to an ACME server
description:
- "Allows to send direct requests to an ACME server with the
L(ACME protocol,https://tools.ietf.org/html/rfc8555),
which is supported by CAs such as L(Let's Encrypt,https://letsencrypt.org/)."
- "This module can be used to debug failed certificate request attempts,
for example when M(acme_certificate) fails or encounters a problem which
you wish to investigate."
- "The module can also be used to directly access features of an ACME servers
which are not yet supported by the Ansible ACME modules."
notes:
- "The I(account_uri) option must be specified for properly authenticated
ACME v2 requests (except a C(new-account) request)."
- "Using the C(ansible) tool, M(acme_inspect) can be used to directly execute
ACME requests without the need of writing a playbook. For example, the
following command retrieves the ACME account with ID 1 from Let's Encrypt
(assuming C(/path/to/key) is the correct private account key):
C(ansible localhost -m acme_inspect -a \"account_key_src=/path/to/key
acme_directory=https://acme-v02.api.letsencrypt.org/directory acme_version=2
account_uri=https://acme-v02.api.letsencrypt.org/acme/acct/1 method=get
url=https://acme-v02.api.letsencrypt.org/acme/acct/1\")"
seealso:
- name: Automatic Certificate Management Environment (ACME)
description: The specification of the ACME protocol (RFC 8555).
link: https://tools.ietf.org/html/rfc8555
- name: ACME TLS ALPN Challenge Extension
description: The specification of the C(tls-alpn-01) challenge (RFC 8737).
link: https://www.rfc-editor.org/rfc/rfc8737.html
extends_documentation_fragment:
- acme
options:
url:
description:
- "The URL to send the request to."
- "Must be specified if I(method) is not C(directory-only)."
type: str
method:
description:
- "The method to use to access the given URL on the ACME server."
- "The value C(post) executes an authenticated POST request. The content
must be specified in the I(content) option."
- "The value C(get) executes an authenticated POST-as-GET request for ACME v2,
and a regular GET request for ACME v1."
- "The value C(directory-only) only retrieves the directory, without doing
a request."
type: str
default: get
choices:
- get
- post
- directory-only
content:
description:
- "An encoded JSON object which will be sent as the content if I(method)
is C(post)."
- "Required when I(method) is C(post), and not allowed otherwise."
type: str
fail_on_acme_error:
description:
- "If I(method) is C(post) or C(get), make the module fail in case an ACME
error is returned."
type: bool
default: yes
s7
��
- name: Get directory
acme_inspect:
acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
acme_version: 2
method: directory-only
register: directory
- name: Create an account
acme_inspect:
acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
acme_version: 2
account_key_src: /etc/pki/cert/private/account.key
url: "{{ directory.newAccount}}"
method: post
content: '{"termsOfServiceAgreed":true}'
register: account_creation
# account_creation.headers.location contains the account URI
# if creation was successful
- name: Get account information
acme_inspect:
acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
acme_version: 2
account_key_src: /etc/pki/cert/private/account.key
account_uri: "{{ account_creation.headers.location }}"
url: "{{ account_creation.headers.location }}"
method: get
- name: Update account contacts
acme_inspect:
acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
acme_version: 2
account_key_src: /etc/pki/cert/private/account.key
account_uri: "{{ account_creation.headers.location }}"
url: "{{ account_creation.headers.location }}"
method: post
content: '{{ account_info | to_json }}'
vars:
account_info:
# For valid values, see
# https://tools.ietf.org/html/rfc8555#section-7.3
contact:
- mailto:[email protected]
- name: Create certificate order
acme_certificate:
acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
acme_version: 2
account_key_src: /etc/pki/cert/private/account.key
account_uri: "{{ account_creation.headers.location }}"
csr: /etc/pki/cert/csr/sample.com.csr
fullchain_dest: /etc/httpd/ssl/sample.com-fullchain.crt
challenge: http-01
register: certificate_request
# Assume something went wrong. certificate_request.order_uri contains
# the order URI.
- name: Get order information
acme_inspect:
acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
acme_version: 2
account_key_src: /etc/pki/cert/private/account.key
account_uri: "{{ account_creation.headers.location }}"
url: "{{ certificate_request.order_uri }}"
method: get
register: order
- name: Get first authz for order
acme_inspect:
acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
acme_version: 2
account_key_src: /etc/pki/cert/private/account.key
account_uri: "{{ account_creation.headers.location }}"
url: "{{ order.output_json.authorizations[0] }}"
method: get
register: authz
- name: Get HTTP-01 challenge for authz
acme_inspect:
acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
acme_version: 2
account_key_src: /etc/pki/cert/private/account.key
account_uri: "{{ account_creation.headers.location }}"
url: "{{ authz.output_json.challenges | selectattr('type', 'equalto', 'http-01') }}"
method: get
register: http01challenge
- name: Activate HTTP-01 challenge manually
acme_inspect:
acme_directory: https://acme-staging-v02.api.letsencrypt.org/directory
acme_version: 2
account_key_src: /etc/pki/cert/private/account.key
account_uri: "{{ account_creation.headers.location }}"
url: "{{ http01challenge.url }}"
method: post
content: '{}'
s����
directory:
description: The ACME directory's content
returned: always
type: dict
sample: |
{
"a85k3x9f91A4": "https://community.letsencrypt.org/t/adding-random-entries-to-the-directory/33417",
"keyChange": "https://acme-v02.api.letsencrypt.org/acme/key-change",
"meta": {
"caaIdentities": [
"letsencrypt.org"
],
"termsOfService": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf",
"website": "https://letsencrypt.org"
},
"newAccount": "https://acme-v02.api.letsencrypt.org/acme/new-acct",
"newNonce": "https://acme-v02.api.letsencrypt.org/acme/new-nonce",
"newOrder": "https://acme-v02.api.letsencrypt.org/acme/new-order",
"revokeCert": "https://acme-v02.api.letsencrypt.org/acme/revoke-cert"
}
headers:
description: The request's HTTP headers (with lowercase keys)
returned: always
type: dict
sample: |
{
"boulder-requester": "12345",
"cache-control": "max-age=0, no-cache, no-store",
"connection": "close",
"content-length": "904",
"content-type": "application/json",
"cookies": {},
"cookies_string": "",
"date": "Wed, 07 Nov 2018 12:34:56 GMT",
"expires": "Wed, 07 Nov 2018 12:44:56 GMT",
"link": "<https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf>;rel="terms-of-service"",
"msg": "OK (904 bytes)",
"pragma": "no-cache",
"replay-nonce": "1234567890abcdefghijklmnopqrstuvwxyzABCDEFGH",
"server": "nginx",
"status": 200,
"strict-transport-security": "max-age=604800",
"url": "https://acme-v02.api.letsencrypt.org/acme/acct/46161",
"x-frame-options": "DENY"
}
output_text:
description: The raw text output
returned: always
type: str
sample: "{\n \"id\": 12345,\n \"key\": {\n \"kty\": \"RSA\",\n ..."
output_json:
description: The output parsed as JSON
returned: if output can be parsed as JSON
type: dict
sample:
- id: 12345
- key:
- kty: RSA
- ...
(����t����ModuleFailExceptiont����ACMEAccountt����set_crypto_backend(����t
���AnsibleModule(����t ���to_nativet����to_bytesNc��������!���C`��sG���t��d��t��d��t��d��d��d��d��g�����d��t��d��d��d �t�����d
�t��d��d�����d��t��d��d��d��d
����d��t��d��d��d��d��d��d��d��g�����d��t��d��d��d��t�����d��t��d��d�����d��t��d��d��d��d��d��d��g��d��d�����d��t��d��d�����d��t��d��d��d��t�����d��t��d��d��d��d��d��d��d��d��g��������d �d��d��g��f��d!�d��d��d��g��g��d��d��d��d��g��g��d��d��d��d��g��t��g��d��d��d��d��g��t��g��f�����}��t��|������|��j��j��d�����s��|��j��d"�d#�d$��d%������n��t�����}��t��}��yc�t��|�����}��|��j��d���}��|��j �j �|��d&�<|��d��k��r �|��j��d���}��|��j��d���}��|��d��k��r<�|��j
�|��d'�t��d(�t�����\��}��}��nF�|��d��k��r��t��}��|��j��|��t��|��j��d������d'�t��d)�t�����\��}��}��n��|��j
�t��d*�|��d+�t��|������������y��t��j��|�����|��d,�<Wn���t��k
�r���} ��n��X|��r �|��d-��d.�k��r �t��d/�j��|��d-��|�����������q �n��|��j��d0�|��|������Wn#��t��k
�rB��}
��|
�j��|��|������n��Xd��S(1���Nt
���argument_spect����account_key_srct����typet����patht����aliasest����account_keyt����account_key_contentt����strt����no_logt����account_urit����acme_directoryt����defaults2���https://acme-staging.api.letsencrypt.org/directoryt����acme_versiont����inti����t����choicesi����t����validate_certst����boolt����urlt����methodt����gett����posts����directory-onlyt����contentt����fail_on_acme_errort����select_crypto_backendt����autot����opensslt����cryptographyt����mutually_exclusivet����required_ift����warningsH���Disabling certificate validation for communications with ACME endpoint. sE���This should only be done for testing against a local ACME server for s:���development purposes, but *never* for production purposes.t ���directoryt����parse_json_resultt
���fail_on_errort����encode_payloadt����headerst����output_textt����output_jsonR����i����s*���ACME request failed: CODE: {0} RESULT: {1}t����changed(����R����t����dictt����TrueR
���t����paramsR!���t����warnt����FalseR ���R,���t����get_requestt����send_signed_requestR
���t����updateR����t����jsont����loadst ���ExceptionR����t����formatt ���exit_jsont����do_fail(����t����modulet����resultR3���t����accountR ���R����R$���t����datat����infot����dummyt����e(����(����sL���/usr/lib/python2.7/site-packages/ansible/modules/crypto/acme/acme_inspect.pyt����main����sb�����������������!�����$�����'�����������
��� ����� �������
�����
�
���$�����4�����������������"�����t����__main__(����t
���__future__R����R����R����R����t
���__metaclass__t����ANSIBLE_METADATAt
���DOCUMENTATIONt����EXAMPLESt����RETURNt����ansible.module_utils.acmeR����R ���R
���t����ansible.module_utils.basicR����t����ansible.module_utils._textR����R
���R<���RI���t����__name__(����(����(����sL���/usr/lib/python2.7/site-packages/ansible/modules/crypto/acme/acme_inspect.pyt����<module>����s��������
�
�
G�d�>���������� D��
Anons79 File Manager Version 1.0, Coded By Anons79
Email: [email protected]
Anons79 Mini Shell